pocketbase-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely informational, providing developers with best practices for PocketBase. It includes guidance on preventing IDOR vulnerabilities, SQL injection (via filter binding), and unauthorized data exposure.
- [SAFE]: Code examples correctly demonstrate the use of environment variables for sensitive credentials like API keys and passwords, explicitly advising against hardcoding secrets.
- [EXTERNAL_DOWNLOADS]: The skill references official PocketBase documentation, the official JavaScript SDK, and well-known community resources (such as Caddy plugins and community Docker images). These references are documented neutrally and include security warnings where third-party components are mentioned.